apply access-list (to interface VLAN)

Syntax

apply access-list {ip|ipv6} {routed-in|routed-out}
no apply access-list {ip|ipv6} {routed-in|routed-out}

Description

Applies an ACL to the interface VLAN (or range of interface VLANs) identified by the current interface VLAN context. Using the apply access-list command on an interface VLAN with an already-applied ACL of the same direction and type will replace the currently-applied ACL.

The no form of this command removes application of the ACL from the interface VLAN (or range of interface VLANs) identified by the current interface VLAN context.

Command context

config-if-vlan

Parameters

ip|ipv6

Specifies the ACL type: ip for IPv4, ipv6 for IPv6.

Specifies the ACL name.

routed-in

Selects the routed inbound (routed ingress) traffic direction.

routed-out

Selects the routed outbound (routed egress) traffic direction.

Authority

Administrators or local user group members with execution rights for this command.

Usage

  • Each ACL of a given type can be applied to the same interface VLAN once in each direction. Therefore, using the apply access-list command on an interface VLAN with an already-applied ACL of the same direction and type will replace the applied ACL.

Examples

Creating an IPv4 ACL and applying it to routed ingress traffic on interface VLAN vlan100:

switch(config)# access-list ip test
switch(config-acl-ip)# 10 permit any 1.1.1.2 2.2.2.2 count
switch(config-acl-ip)# 20 permit any 1.1.1.2 2.2.2.1 count
switch(config-acl-ip)# 30 permit any 2.2.2.2 1.1.1.2 count
switch(config-acl-ip)# 40 permit any 2.2.2.2 1.1.1.1 count
switch(config-acl-ip)# 50 permit any any any count
switch(config-acl-ip)# exit
switch(config)#
switch(config)# interface vlan100
switch(config-if-vlan)# apply access-list ip test routed-in

Applying My_ip_ACL to routed ingress traffic on interface VLAN 10:

switch(config)# interface vlan 10
switch(config-if-vlan)# apply access-list ip My_ip_ACL routed-in

Applying My_ipv6_ACL to routed ingress traffic on interface VLAN 10:

switch(config)# interface vlan 10
switch(config-if-vlan)# apply access-list ipv6 My_ipv6_ACL routed-in

Applying My_ip_ACL to routed ingress traffic on interface VLANs 20 to 25:

switch(config)# interface vlan 20-25
switch(config-if-vlan-<20-25>)# apply access-list ip My_ip_ACL routed-in

Replacing My_ipv6_ACL with My_Replacement_ACL on interface VLAN 10 (following the above examples):

switch(config)# interface vlan 10
switch(config-if-vlan)# apply access-list ipv6 My_Replacement_ACL routed-in

Removing (unapplying) My_Replacement_ACL on interface VLAN 10. Any other interfaces or VLANs with My_Replacement_ACL applied are not affected:

switch(config)# interface vlan 10
switch(config-if-vlan)# no apply access-list ipv6 My_Replacement_ACL routed-in

Removing (unapplying) My_ip_ACL on interface VLANs 20 to 25. Any other interfaces or VLANs with My_ip_ACL applied are not affected:

switch(config)# interface vlan 20-25
switch(config-if-vlan-<20-25>)# no apply access-list ip My_ip_ACL routed-in

Applying My_ip_ACL to routed egress traffic on interface VLAN 30:

switch(config)# interface vlan 30
switch(config-if-vlan)# apply access-list ip My_ip_ACL routed-out

Applying My_ip_ACL to routed egress traffic on interface VLANs 40 to 50:

switch(config)# interface vlan 40-50
switch(config-if-vlan-<40-50>)# apply access-list ip My_ip_ACL routed-out
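
Because an apply on an occupied direction and type replaces the existing ACL, a planned change can be checked for replacements before it is pushed. The following Python script is an added example, not part of the original documentation: it replays command lines written as in the examples above and reports every slot where one ACL would displace another. The names simulate and SESSION are hypothetical, the session is constructed, and the handling of a no form that names a different ACL than the one applied is an assumption.

```python
import re

# Constructed session, mirroring the page's VLAN 10 and VLAN 20-25 examples.
SESSION = """\
interface vlan 10
apply access-list ip My_ip_ACL routed-in
apply access-list ipv6 My_ipv6_ACL routed-in
interface vlan 20-25
apply access-list ip My_ip_ACL routed-in
interface vlan 10
apply access-list ipv6 My_Replacement_ACL routed-in
interface vlan 20-25
no apply access-list ip My_ip_ACL routed-in
"""

IFACE = re.compile(r"interface vlan\s*(\d+)(?:-(\d+))?$")
APPLY = re.compile(r"(no )?apply access-list (ip|ipv6) (\S+) (routed-in|routed-out)$")

def simulate(session):
    """Return (state, replaced): state maps (vlan, type, direction) -> ACL name;
    replaced lists (vlan, type, direction, old, new) for each replacement."""
    state, replaced, vlans = {}, [], []
    for raw in session.splitlines():
        line = raw.strip()
        m = IFACE.match(line)
        if m:
            first = int(m.group(1))
            last = int(m.group(2) or first)
            vlans = list(range(first, last + 1))  # a range context covers every VLAN in it
            continue
        m = APPLY.match(line)
        if not m:
            continue
        negate, acl_type, name, direction = m.groups()
        for vlan in vlans:
            slot = (vlan, acl_type, direction)
            if negate:
                # Assumption: unapply only when the named ACL is the one in the slot.
                if state.get(slot) == name:
                    del state[slot]
            else:
                old = state.get(slot)
                if old is not None and old != name:
                    replaced.append(slot + (old, name))  # existing ACL is displaced
                state[slot] = name
    return state, replaced

if __name__ == "__main__":
    final, replaced = simulate(SESSION)
    for vlan, acl_type, direction, old, new in replaced:
        print(f"vlan {vlan} {acl_type} {direction}: {old} replaced by {new}")
    print(final)
```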